2609, 2022

DeepSec Talk 2022: We Are Sorry That Your Mouse Is Admin – Windows Privilege Escalation Through The Razer Co-installer – Oliver Schwarz

Sanna/ September 26, 2022/ Conference

Device-specific co-installers have repeatedly allowed for Windows privilege escalation. Through Windows’ plug’n’play concept, attackers don’t need to rely on any pre-installed software on the victim client. All they need is a peripheral device associated with the vulnerable driver – or simpler, a hacking device that simply impersonates such device. In this talk, I’ll will report on his responsible-disclosure journey for a DLL hijacking in the Razer Synapse service for gaming devices. The journey starts with me trying to fake a vulnerability and suddenly realizing that the vulnerability is actually real. It continues with a support team that apologized to me for my escalated privileges. You will also learn about a number of fixing attempts and insights about Windows’ access control that helped to circumvent these attempts. The final twist: we recently discovered that the

Read More

1211, 2019

DeepSec 2019 Talk: 30 CVEs in 30 Days – Eran Shimony

Sanna/ November 12, 2019/ Conference

In recent years, the most effective way to discover new vulnerabilities is considered to be fuzzing. We will present a complementary approach to fuzzing. By using this method, which is quite easy, we managed to get over 30 CVEs across multiple major vendors in only one month. Some things never die. In this session, we’ll show that a huge amount of software is still vulnerable to DLL Hijacking and Symlinks abuse and may allow attackers to escalate their privileges or to DoS a machine. We will show how we generalized these two techniques within an automated testing system called Ichanea, with the aim of finding new vulnerabilities. Our mindset was – choose software that is prone to be vulnerable: Installers, update programs, and services. These types of software are often privileged. Therefore, they are

Read More